Outsourcing DDOS

On Mon, Oct 24, 2011 at 4:45 PM, Brett Watson <brett at the-watsons.org> wrote:
> On Oct 24, 2011, at 10:54 AM, Andreas Echavez wrote:
>
> > Prolexic is the go-to company for handling large-scale DDoSes. We haven't
> > yet tried the service, but they've been extremely professional.
>
> Not sure I understand your post. You claim Prolexic are the go-to-guys, and
> extremely professional… but you haven't used them?
>
> I would agree with Stephan's response as well, some of the other providers
> have as much capacity to deal with attacks (Verisign, Neustar, etc). And
> it's not about what's "stated" on their marketing slicks, it's about actual
> capacity, architecture, and "clue."
>
Agreed, however our point of contention was that no other providers were
willing to write SLAs based on service delivery time. We've used Verizon's
service and it took nearly 10-12 hours coordinating with their NOC to get
the service up and running, then over a week of troubleshooting packet sizes
and so forth to finally get the system working properly.
Unfortunately the only way for us to test Prolexic is to come under attack.
In the meantime, the provisioning, engineering team, and everyone else has
been fantastic. I'm not trying to push one provider over another -- we've
just had good communication. Someone with less frequent or smaller attacks
may find better value in another service.
Prolexic's stated current network capacity is 375Gb. They have *claimed* that
they will have 500Gb total by next year.
> Prolexic has a long (early) history of DDoS mitigation, and I have no
> reason to doubt they are any worse than they used to be but if you haven't
> used them, it's just conjecture.
>
That's all I'm really saying here. It's been a good experience so far -- but
only time will tell. Most of these *providers* are just using Arbor Networks
equipment and a fat pipe. It generally all works the same. Unfortunately
it's not a simple task to test several hundred gigabytes of mitigation
capacity.
> I'd be interested to know whom you have experience with and what size of
> attack you were able to mitigate with them (not being pedantic, but looking
> for real-world examples and all).
>
We were able to mitigate a 20Gb attack through VZB. It was concerning
because their total network capacity is 80Gb across ~4 PoPs.
Unfortunately we had the issues above, combined with a lot of billing
confusion on their part. They asked us to pay more for no reason whatsoever
because we really need to *upgrade* our tier to the 1Gb service from the
500Mb (what does that mean)? This conversation with their sales team
followed the somewhat large attack stated above.
When asked "does the 1Gb tier mean 1Gb of clean traffic, or that you block
1Gb of DDoS", they couldn't answer our question. Anyhow take everything with
a grain of salt. Our experience could differ vastly from others', and this
doesn't mean I have anything against Verizon or anyone else.
> -b
>
-Andreas